#1541 LDAP authorization with an incorrect username

Reporter Sergey
Owner Nobody
Stars ★★★ (5)
  • Priority-Medium
  • Type-Defect
  • Status-New
  • Component-Community
  1. Sergey on

    I configured Ldap authorization (LDAP2), it works. If I enter the wrong password, the wrong password window is displayed. And if I enter a non-existent username, the authorization window freezes and an error message appears in the logs: prosody[14484]: mod_bosh: Traceback[bosh]: /usr/lib/prosody/modules/ldap.lib.lua:218: attempt to index local 'attribs' (a nil value) stack traceback: /usr/lib/prosody/modules/ldap.lib.lua:218: in function 'singlematch' /usr/lib/prosody/modules/ldap.lib.lua:187: in function </usr/lib/prosody/modules/ldap.lib.lua:179> (tail call): ? ...ib/prosody/modules/mod_auth_ldap2/mod_auth_ldap2.lua:54: in function 'plain_test' /usr/lib/prosody/util/sasl/plain.lua:72: in function </usr/lib/prosody/util/sasl/plain.lua:38> (tail call): ? /usr/lib/prosody/modules/mod_saslauth.lua:77: in function </usr/lib/prosody/modules/mod_saslauth.lua:66> (tail call): ? /usr/lib/prosody/util/events.lua:67: in function 'fire_event' /usr/lib/prosody/core/stanza_router.lua:149: in function </usr/lib/prosody/core/stanza_router.lua:56> ... /usr/lib/prosody/net/http/server.lua:108: in function 'process_next' /usr/lib/prosody/net/http/server.lua:124: in function 'success_cb' /usr/lib/prosody/net/http/parser.lua:154: in function 'feed' /usr/lib/prosody/net/http/server.lua:150: in function </usr/lib/prosody/net/http/server.lua:149> (tail call): ? /usr/lib/prosody/net/server_select.lua:867: in function </usr/lib/prosody/net/server_select.lua:849> [C]: in function 'xpcall' /usr/bin/prosody:376: in function 'loop' /usr/bin/prosody:407: in main chunk [C]: ? I couldn't find an answer to my problem on forums and the Internet. Can you help?

  2. Sergey on

    the problem is observed if you specify base_dn = 'cn=users, dc=example, dc=com', If you specify base_dn = 'dc=example, dc=com', everything works. If you configure via saslauthd there is no such problem, everything works

  3. n2p on

    I'm having the same issue with jitsi meet LDAP authentication. basedn = 'dc=example, dc=com' does not solve the problem. (It was originally set like this) In jitsi config (ldap.cfg.lua) it is "basedn" instead of "base_dn".

  4. Jon Lusky on

    I patched prosody ldap module to work around it... --- /usr/lib/prosody/modules/ldap.lib.lua.dist 2020-04-14 17:24:41.664734644 +0000 +++ /usr/lib/prosody/modules/ldap.lib.lua 2020-04-14 17:31:10.042650354 +0000 @@ -215,7 +215,10 @@ query.scope = 'subtree'; for dn, attribs in ld:search(query) do - attribs.dn = dn; + -- badusername.patch + if attribs then + attribs.dn = dn; + end return attribs; end end

  5. Zash on

    • tags Component-Community
  6. Fabian on

    The mentioned patch from @Jon Lusky does not fix it for me. A solution would be highly appreciated, as every wrong usernames kills prosody/jitsi-meet

  7. DmDS on

    Thank you, Jon Lusky! The patch fixes the problem

New comment

Not published. Used for spam prevention and optional update notifications.